Tesla Arabic SQL Injection

2018.03.12
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#######################################################
# Exploit Title : Tesla Arabic SQL Injection
# Date : 11/03/2018
# Exploit Author: Ozan Agdepe
# Email: agdepeozan[at]gmail[dot]com
# Author Twitter: twitter.com/OAdepe
#
# Google Dork : intext: كهربائي php?id=
# Tested On: Kali Linux & Windows 7-8-9-10
#######################################################
# Description:
# An attacker can exploit this vulnerability to read from the database.
# The vulnerability allows an attacker to inject sql commands....
#######################################################
# DEMO's:
# http://www.tunesoman.com/product.php?id=200[SQL]
# http://www.bpc.gov.bd/contactus.php?id=13[SQL]
# https://www.fleurlis.com.tw/en/scene.php?cid=1&id=2[SQL]
# http://www.avenued.com/europe/merchandise/index.php?ID=48[SQL]
# http://www.ritii.com/en/product.php?CID=230[SQL]
#####################################################
#
# We are Turkish Cyber Security Researchers. Follow Me :)
# Twitter.com/OAdepe

References:

https://twitter.com/OAdepe



Copyright 2018, cxsecurity.com

 
